January 20th, 2012
Sony Marketing of Japan Corporation
Sony Customer Service of Japan Corporation
Dear Valued Sony Customer,
Sony has recently identified a software vulnerability which involves a buffer overflow in the network connecting application software installed in VAIO personal computers, which have been sold during the period of June 2011 until January 2012. A security update program for this issue has been released and Sony recommends that all customers who have the affected VAIO models immediately apply the update program.
VAIO Easy Connect Ver.1.0.0 and Ver.1.1.0
VAIO personal computers on which the above software are pre-installed.
Click on a Series name in the list below to show the affected models for that Series.
- CA Series
VPCCA2C5E, VPCCA2S0E/D, VPCCA2S0E/G, VPCCA2S0E/L, VPCCA2S0E/P, VPCCA2S0E/R, VPCCA2S0E/W, VPCCA2S1E/D, VPCCA2S1E/G, VPCCA2S1E/L, VPCCA2S1E/P, VPCCA2S1E/R, VPCCA2S1E/W, VPCCA2S1R/D, VPCCA2S1R/L, VPCCA2S1R/P, VPCCA2S1R/R, VPCCA2S1R/W, VPCCA2Z0E/G, VPCCA2Z0E/L, VPCCA2Z0E/P, VPCCA2Z0E/R, VPCCA2Z0E/W, VPCCA3C5E, VPCCA3E1E/D, VPCCA3E1E/G, VPCCA3E1E/L, VPCCA3E1E/P, VPCCA3E1E/R, VPCCA3E1E/W, VPCCA3S1E/D, VPCCA3S1E/G, VPCCA3S1E/L, VPCCA3S1E/P, VPCCA3S1E/R, VPCCA3S1E/W, VPCCA3S1R/D, VPCCA3S1R/L, VPCCA3S1R/P, VPCCA3S1R/R, VPCCA3S1R/W, VPCCA3X1R/BI, VPCCA3X1R/PI, VPCCA4C5E
- CB Series
VPCCB2C5E, VPCCB2M0E/B, VPCCB2M1E/B, VPCCB2M1E/W, VPCCB2M8E/B, VPCCB2S1E/B, VPCCB2S1E/W, VPCCB2S1R/B, VPCCB2S8E/B, VPCCB2Z8E/B, VPCCB3C5E, VPCCB3M1E/B, VPCCB3M1E/W, VPCCB3P1E/B, VPCCB3S1E/B, VPCCB3S1E/W, VPCCB3S1R/B, VPCCB3S8E/B, VPCCB3Z8E/B
- EG Series
VPCEG1S1R/B, VPCEG1S1R/P, VPCEG1S1R/W
- EH Series
VPCEH1C5E, VPCEH1E1E/B, VPCEH1E1E/L, VPCEH1E1E/W, VPCEH1E1R/B, VPCEH1E1R/W, VPCEH1J1E/B, VPCEH1J1E/L, VPCEH1J1E/W, VPCEH1J8E/B, VPCEH1J8E/W, VPCEH1L0E/B, VPCEH1L0E/L, VPCEH1L0E/W, VPCEH1L1R/B, VPCEH1L1R/L, VPCEH1L1R/W, VPCEH1L8E/B, VPCEH1L8E/P, VPCEH1L8E/W, VPCEH1L9E/B, VPCEH1M0E/L, VPCEH1M1E/B, VPCEH1M1E/L, VPCEH1M1E/W, VPCEH1M1R/B, VPCEH1M1R/W, VPCEH1M8E/B, VPCEH1M8E/L, VPCEH1M8E/W, VPCEH1M9E/B, VPCEH1M9R/B, VPCEH1S0E/B, VPCEH1S0E/L, VPCEH1S0E/W, VPCEH1S1E/B, VPCEH1S1E/L, VPCEH1S1E/W, VPCEH1S1R/B, VPCEH1S1R/W, VPCEH1S8E/B, VPCEH1S8E/W, VPCEH1S9E/B, VPCEH1Z1E/B, VPCEH1Z1E/L, VPCEH1Z1R/B, VPCEH1Z8E/B, VPCEH1Z8E/L, VPCEH2A4E, VPCEH2A9E, VPCEH2A9R, VPCEH2B4E, VPCEH2B9E, VPCEH2C0E/B, VPCEH2C0E/L, VPCEH2C0E/P, VPCEH2C0E/W, VPCEH2C1E/B, VPCEH2C1E/W, VPCEH2C4E, VPCEH2C5E, VPCEH2D0E/B, VPCEH2D0E/W, VPCEH2D1E/B, VPCEH2D1E/L, VPCEH2D1E/W, VPCEH2D4E, VPCEH2E0E/B, VPCEH2E0E/W, VPCEH2E1R/B, VPCEH2E1R/W, VPCEH2E4E, VPCEH2F1E/B, VPCEH2F1E/W, VPCEH2F4E, VPCEH2G4E, VPCEH2H1E/B, VPCEH2H1E/L, VPCEH2H1E/P, VPCEH2H1E/W, VPCEH2H4E, VPCEH2J1E/B, VPCEH2J1E/L, VPCEH2J1E/W, VPCEH2J1R/B, VPCEH2J1R/L, VPCEH2J1R/W, VPCEH2J4E, VPCEH2J9R/B, VPCEH2K1E/L, VPCEH2K1E/W, VPCEH2K4E, VPCEH2L1R/B, VPCEH2L1R/W, VPCEH2L4E, VPCEH2L9E/B, VPCEH2M0E/L, VPCEH2M0E/W, VPCEH2M1E/B, VPCEH2M1E/L, VPCEH2M1E/W, VPCEH2M1R/B, VPCEH2M1R/L, VPCEH2M1R/W, VPCEH2M4E, VPCEH2M9E/B, VPCEH2N1E/B, VPCEH2N1E/L, VPCEH2N1E/P, VPCEH2N1E/W, VPCEH2P0E/B, VPCEH2P1E/B, VPCEH2P1E/W, VPCEH2Q1E/B, VPCEH2Q1E/L, VPCEH2Q1E/W, VPCEH2S1E/B, VPCEH2S1R/B, VPCEH2S9E/B, VPCEH2Z1E/B, VPCEH2Z1E/L, VPCEH3A4E, VPCEH3A4R, VPCEH3B1E/B, VPCEH3B1E/L, VPCEH3B1E/P, VPCEH3B1E/W, VPCEH3B4E, VPCEH3C0E/W, VPCEH3C4E, VPCEH3C5E, VPCEH3D0E/W, VPCEH3D4E, VPCEH3E0E/B, VPCEH3E0E/L, VPCEH3E0E/P, VPCEH3E0E/W, VPCEH3F1E/B, VPCEH3F1E/W, VPCEH3F1R/B, VPCEH3F1R/W, VPCEH3G1E/B, VPCEH3H1E/B, VPCEH3H1E/L, VPCEH3H1E/P, VPCEH3H1E/W, VPCEH3J1E/B, VPCEH3J1E/W, VPCEH3J1R/B, VPCEH3J1R/L, VPCEH3J1R/W, VPCEH3K1E/B, VPCEH3K1E/L, VPCEH3K1E/W, VPCEH3L1E/B, VPCEH3L1E/W, VPCEH3M1E/B, VPCEH3M1E/W, VPCEH3M1R/B, VPCEH3M1R/W, VPCEH3N1E/B, VPCEH3N1E/L, VPCEH3N1E/P, VPCEH3N1E/W, VPCEH3N6E/B, VPCEH3N6E/W, VPCEH3P1E/B, VPCEH3P1E/L, VPCEH3P1E/W, VPCEH3P1R/B, VPCEH3P1R/W, VPCEH3Q1E/B, VPCEH3Q1E/W, VPCEH3S1E/B, VPCEH3S1E/W, VPCEH3S1R/B, VPCEH3S6E/W, VPCEH3S8E/B, VPCEH3S8E/L, VPCEH3S8E/W, VPCEH3T9E/B, VPCEH3U1E/B, VPCEH3V8E/B, VPCEH3V8E/W, VPCEH3Z1E/B
- EJ Series
VPCEJ1C5E, VPCEJ1E1E/B, VPCEJ1E1E/W, VPCEJ1E1R/W, VPCEJ1J1E/B, VPCEJ1J1E/W, VPCEJ1L1E/B, VPCEJ1L1E/W, VPCEJ1L1R/W, VPCEJ1M1E/B, VPCEJ1M1E/W, VPCEJ1M1R/B, VPCEJ1M9E/B, VPCEJ1S1E/B, VPCEJ1Z1E/B, VPCEJ1Z1E/W, VPCEJ2A4E, VPCEJ2A9E, VPCEJ2A9R, VPCEJ2B1E/B, VPCEJ2B4E, VPCEJ2B9E, VPCEJ2C4E, VPCEJ2C5E, VPCEJ2D1E/B, VPCEJ2E1E/B, VPCEJ2E1E/W, VPCEJ2J1E/B, VPCEJ2J1E/W, VPCEJ2L1E/B, VPCEJ2L1E/W, VPCEJ2L1R/W, VPCEJ2M1E/B, VPCEJ2M1E/W, VPCEJ2M1R/W, VPCEJ2S1E/B, VPCEJ2S1R/B, VPCEJ2S9E/B, VPCEJ2Z1E/B, VPCEJ3A4E, VPCEJ3A4R, VPCEJ3B1E/B, VPCEJ3B1E/W, VPCEJ3B4E, VPCEJ3C4E, VPCEJ3C5E, VPCEJ3D1E/B, VPCEJ3D1E/W, VPCEJ3D4E, VPCEJ3E1E/B, VPCEJ3J1E/W, VPCEJ3K1E/B, VPCEJ3K1E/W, VPCEJ3L1E/B, VPCEJ3L1E/W, VPCEJ3L1R/W, VPCEJ3M1E/B, VPCEJ3M1E/W, VPCEJ3M1R/W, VPCEJ3N1E/B, VPCEJ3Q1E/B, VPCEJ3S1E/B, VPCEJ3S1R/B, VPCEJ3T1E/B, VPCEJ3Z1E/B
- EK Series
VPCEK2S1R/B, VPCEK2S1R/W, VPCEK3S1R/B, VPCEK3S1R/W
- EL Series
VPCEL1E1E/B, VPCEL1E1E/W, VPCEL1E1R/B, VPCEL1E1R/W, VPCEL2S1E/B, VPCEL2S1E/W, VPCEL2S1R/B, VPCEL2S1R/W, VPCEL3S1E/B, VPCEL3S1E/W, VPCEL3S1R/B, VPCEL3S1R/W,
- F2 Series
VPCF22C5E, VPCF22E1R/B, VPCF22J1E/B, VPCF22L1E/B, VPCF22M0E/B, VPCF22M1E/B, VPCF22M1R/B, VPCF22S1E/B, VPCF22S1R/B, VPCF22S8E/B, VPCF23A9E, VPCF23A9R, VPCF23B9E, VPCF23C5E, VPCF23K1E/B, VPCF23L1E/B, VPCF23M1E/B, VPCF23M1R/B, VPCF23N1E/B, VPCF23P1E/B, VPCF23Q1E/B, VPCF23S1E/B, VPCF23S1R/B, VPCF23X1R/BI, VPCF23Z1E/BI, VPCF23Z1R/BI, VPCF24A4E, VPCF24A4R, VPCF24B4E, VPCF24C4E, VPCF24C5E, VPCF24D4E
- J2 Series
VPCJ21L0E/B, VPCJ21L8E/B, VPCJ21M1E/B, VPCJ21M9E/B, VPCJ21S1E/B, VPCJ21S1R/B, VPCJ23M9E/B
- L2 Series
VPCL22K1E/B, VPCL22S1E/B, VPCL22S1R/B, VPCL22V1E/B, VPCL22Z1E/B, VPCL22Z1R/B
- SA Series
VPCSA2A7E, VPCSA2A7R, VPCSA2B7E, VPCSA2B7R, VPCSA2C5E, VPCSA2C7E, VPCSA2D7E, VPCSA2E7E, VPCSA2F7E, VPCSA2G7E, VPCSA2H7E, VPCSA2S9R/BI, VPCSA2V9R/BI, VPCSA2Z9E/BI, VPCSA2Z9R/BI, VPCSA2Z9R/T, VPCSA3A9E, VPCSA3B9E, VPCSA3J1E/XI, VPCSA3L9E/XI, VPCSA3M9E/XI, VPCSA3N9E/XI, VPCSA3Q9E/XI, VPCSA3S9E/XI, VPCSA3S9R/XI, VPCSA3T9E/XI, VPCSA3V9E/XI, VPCSA3X9E/XI, VPCSA3X9R/XI, VPCSA3Z9E/XI, VPCSA3Z9R/T, VPCSA3Z9R/XI, VPCSA4A4E, VPCSA4B4E, VPCSA4C5E
- SB Series
VPCSB2A7E, VPCSB2A7R, VPCSB2B7E, VPCSB2B7R, VPCSB2C5E, VPCSB2C7E, VPCSB2D7E, VPCSB2E7E, VPCSB2F7E, VPCSB2G7E, VPCSB2H7E, VPCSB2J9E/P, VPCSB2J9E/W, VPCSB2L1E/S, VPCSB2L1E/W, VPCSB2L1R/L, VPCSB2L1R/P, VPCSB2L1R/W, VPCSB2M9E/B, VPCSB2M9E/S, VPCSB2P9E/B, VPCSB2S9E/B, VPCSB2S9E/W, VPCSB2V9E/B, VPCSB2X9R/B, VPCSB2X9R/S, VPCSB2Z9R/B, VPCSB3A9E, VPCSB3A9R, VPCSB3B9E, VPCSB3C5E, VPCSB3L9E/R, VPCSB3L9E/S, VPCSB3L9E/W, VPCSB3M1R/L, VPCSB3M1R/P, VPCSB3M1R/R, VPCSB3M1R/W, VPCSB3M9E/B, VPCSB3M9E/S, VPCSB3N9E/B, VPCSB3N9E/S, VPCSB3Q9E/P, VPCSB3Q9E/S, VPCSB3Q9E/W, VPCSB3S9E/B, VPCSB3T9E/R, VPCSB3V9E/B, VPCSB3V9R/B, VPCSB3V9R/S, VPCSB3X9E/B, VPCSB3Z9E/B, VPCSB3Z9R/B, VPCSB4A4E, VPCSB4A4R, VPCSB4B4E, VPCSB4C5E
- SE Series
VPCSE1A9E, VPCSE1A9R, VPCSE1B9E, VPCSE1C5E, VPCSE1C9E, VPCSE1D9E, VPCSE1E1E/S, VPCSE1J1E/S, VPCSE1L1E/S, VPCSE1M1E/S, VPCSE1S9E/B, VPCSE1V9E/B, VPCSE1V9R/B, VPCSE1X1R/B, VPCSE1X9E/S, VPCSE1Z9E/B, VPCSE1Z9R/B, VPCSE2A4E, VPCSE2A4R, VPCSE2B4E, VPCSE2C4E, VPCSE2C5E, VPCSE2D4E
- YB Series
VPCYB2L1R/B, VPCYB2L1R/G, VPCYB2L1R/P, VPCYB2L1R/S, VPCYB2M1E/G, VPCYB2M1E/P, VPCYB2M1E/S, VPCYB3Q1R/B, VPCYB3Q1R/G, VPCYB3Q1R/P, VPCYB3Q1R/S, VPCYB3V1E/G, VPCYB3V1E/P, VPCYB3V1E/S
- Z2 Series
VPCZ21A7E, VPCZ21A7R, VPCZ21A9E/B, VPCZ21B7E, VPCZ21B7R, VPCZ21C5E, VPCZ21C7E, VPCZ21D7E, VPCZ21E7E, VPCZ21F7E, VPCZ21G7E, VPCZ21H7E, VPCZ21L9E/B, VPCZ21M9E/B, VPCZ21Q9E/B, VPCZ21S9E/B, VPCZ21V9E/B, VPCZ21V9R/X, VPCZ21X9E/B, VPCZ21X9R/B, VPCZ21X9R/N, VPCZ21Z9R/X, VPCZ23A4E, VPCZ23A4R, VPCZ23B4E, VPCZ23C4E, VPCZ23C5E, VPCZ23D4E
The vulnerability could potentially allow an arbitrary code to run on the affected products when browsing to a web-site made by a malicious attacker.
Sony has released an update program for the affected software that resolves this issue. All subject customers with affected products are recommended to immediately upgrade to the newest version of the application by using VAIO Update (the update will be automatically installed if VAIO Update is running with default settings) or by downloading and installing the update program manually.
How can you check if your computer uses a vulnerable version of VAIO Easy Connect?
- Click Start, type VAIO Easy Connect and press Enter.
- Right-click the title bar and select About VAIO Easy Connect
- If the Version number starts with 1.0.0 or 1.1.0 an update is required.
Download and install the VAIO Easy Connect Security update program.
In case of further questions, please contact Sony Support.
Sony would like to thank High-Tech Bridge SA Security Research Lab for reporting the relevant issues and working with Sony to help protect our customers.